CVE-2021-20322

Published on: Not Yet Published

Last Modified on: 07/28/2022 09:39:00 AM UTC

CVE-2021-20322

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

  • CVE-2021-20322 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.4 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH HIGH NONE

CVSS2 Score: 5.8 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL PARTIAL NONE

CVE References

Description Tags Link
[SECURITY] [DLA 2941-1] linux-4.19 security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
 URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
CVE-2021-20322 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security security.netapp.com
text/html
 URL Logo CONFIRM security.netapp.com/advisory/ntap-20220303-0002/
2014230 – (CVE-2021-20322) CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies bugzilla.redhat.com
text/html
 URL Logo MISC bugzilla.redhat.com/show_bug.cgi?id=2014230
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
 URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
 URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
Debian -- Security Information -- DSA-5096-1 linux www.debian.org
Depreciated Link
text/html
 URL Logo DEBIAN DSA-5096
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
 URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
Oracle Critical Patch Update Advisory - July 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpujul2022.html
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 159741 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9260)
  • 159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
  • 178943 Debian Security Update for linux (DLA 2843-1)
  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 180522 Debian Security Update for linux (CVE-2021-20322)
  • 198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
  • 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
  • 240298 Red Hat Update for kernel security (RHSA-2022:1988)
  • 240390 Red Hat Update for kernel-rt (RHSA-2022:4835)
  • 240392 Red Hat Update for kernel security (RHSA-2022:4829)
  • 353161 Amazon Linux Security Advisory for kernel : ALAS-2022-1563
  • 354747 Amazon Linux Security Advisory for kernel : ALAS-2023-1688
  • 390258 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0011)
  • 671181 EulerOS Security Update for kernel (EulerOS-SA-2021-2934)
  • 671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
  • 671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
  • 671252 EulerOS Security Update for kernel (EulerOS-SA-2022-1171)
  • 671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
  • 671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
  • 751399 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1501-1)
  • 751406 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3806-1)
  • 751424 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3848-1)
  • 751436 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3877-1)
  • 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
  • 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
  • 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
  • 751462 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3941-1)
  • 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
  • 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
  • 751489 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
  • 900692 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8673)
  • 906237 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8673-1)
  • 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		DebianDebian Linux10.0AllAllAll
Operating
System		DebianDebian Linux9.0AllAllAll
Operating
System		FedoraprojectFedora34AllAllAll
Operating
System		LinuxLinux KernelAllAllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
Hardware Device InfoNetappAff A700s-AllAllAll
Operating
System		NetappAff A700s Firmware-AllAllAll
Hardware Device InfoNetappAff Baseboard Management Controllera400AllAllAll
Operating
System		NetappAff Baseboard Management Controller Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H300e-AllAllAll
Operating
System		NetappBaseboard Management Controller H300e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H300s-AllAllAll
Operating
System		NetappBaseboard Management Controller H300s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H410s-AllAllAll
Operating
System		NetappBaseboard Management Controller H410s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H500e-AllAllAll
Operating
System		NetappBaseboard Management Controller H500e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H500s-AllAllAll
Operating
System		NetappBaseboard Management Controller H500s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H700e-AllAllAll
Operating
System		NetappBaseboard Management Controller H700e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H700s-AllAllAll
Operating
System		NetappBaseboard Management Controller H700s Firmware-AllAllAll
ApplicationNetappE-series Santricity Os ControllerAllAllAllAll
Hardware Device InfoNetappFas Baseboard Management Controller8300AllAllAll
Hardware Device InfoNetappFas Baseboard Management Controller8700AllAllAll
Operating
System		NetappFas Baseboard Management Controller Firmware-AllAllAll
Hardware Device InfoNetappHci Compute Node-AllAllAll
Operating
System		NetappHci Compute Node Firmware-AllAllAll
ApplicationNetappSolidfire Enterprise Sds Hci Storage Node-AllAllAll
ApplicationNetappSolidfire Hci Management Node-AllAllAll
ApplicationOracleCommunications Cloud Native Core Binding Support Function22.1.3AllAllAll
ApplicationOracleCommunications Cloud Native Core Network Exposure Function22.1.1AllAllAll
ApplicationOracleCommunications Cloud Native Core Policy22.2.0AllAllAll
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
  • cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:aff_baseboard_management_controller:a400:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:fas_baseboard_management_controller:8300:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:fas_baseboard_management_controller:8700:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @tcpdefender CVE-2021-20322 DNS cache poisoning via ICMP fragment needed packets replies twitter.com/dangoodin001/s… 2021-11-17 18:11:37
Twitter Icon @reservoir access.redhat.com/security/cve/c… CVE-2021-20322 2021-11-18 02:16:20
Twitter Icon @Eric_Herman Interesting! CVE-2021-20322 DNS Cache Poisoning "A flaw in the processing of received ICMP errors [...] allows an… twitter.com/i/web/status/1… 2021-11-18 07:51:53
Twitter Icon @adminahead A newly disclosed security vulnerability designated CVE-2021-20322, in the DNS system could allow attackers to pois… twitter.com/i/web/status/1… 2021-11-19 09:55:43
Twitter Icon @beyondDNS CVE-2021-20322 Public 2021年8月26日 access.redhat.com/security/cve/c… 2021-11-19 10:49:56
Twitter Icon @DFNCERT @KohlerAc Red Hat gibt an, dass CVE-2021-20322 mit dem Kernel 5.13.17 (Mitte September) adressiert wurde. @fedora s… twitter.com/i/web/status/1… 2021-11-19 13:04:26
Twitter Icon @beyondDNS saddns\.net を見る。「サイドチャネル DNS」 で調べる。CVE-2021-20322 を調べる。辺りから手を付けましょう。 ひょっとすると、Kaminsky流毒盛攻撃も勉強する必要があるのかも。 2021-12-01 06:09:06
Twitter Icon @usijoe IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/2 CVE-2021-37159 CVE-2021-34981 CVE-2021-31916 CVE-2021-20322 CVE-2021-3772 CVE-2021-0941 2021-12-02 06:13:20
Twitter Icon @Raj_Samani In this month's publication of the @McAfee_ATR Bug report we take a look at CVE-2021-3064, CVE-2021-20322, CVE-2021… twitter.com/i/web/status/1… 2021-12-02 06:55:23
Twitter Icon @management_sun IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/2 CVE-2021-37159 CVE-2021-34981 CVE-2021-31916 CVE-2021-20322 CVE-2021-3772 CVE-2021-0941 2021-12-02 08:44:46
Twitter Icon @beyondDNS CVE-2021-20322 twitter.com/Raj_Samani/sta… 2021-12-02 13:27:46
Twitter Icon @beyondDNS CVE-2021-20322 (Ubuntu) Published: 19 October 2021 ubuntu.com/security/CVE-2… 2021-12-02 14:12:08
Twitter Icon @Har_sia CVE-2021-20322 har-sia.info/CVE-2021-20322… #HarsiaInfo 2021-12-02 18:28:03
Twitter Icon @management_sun IT Risk: SUSE.linux kernelに複数の脆弱性 -3/4 CVE-2021-34981 CVE-2021-34556 CVE-2021-33033 CVE-2021-31916 CVE-2021-20322 C… twitter.com/i/web/status/1… 2021-12-06 23:46:01
Twitter Icon @management_sun IT Risk: SUSE.Multiple vulnerabilities in the Linux Kernel -3/4 CVE-2021-20322 CVE-2021-20320 CVE-2021-3772 CVE-202… twitter.com/i/web/status/1… 2021-12-08 04:05:53
Twitter Icon @management_sun IT Risk: SUSE.Linux Kernelに複数の脆弱性 -3/4 CVE-2021-20322 CVE-2021-3772 CVE-2021-3764 CVE-2021-3760 CVE-2021-3759 CVE-2… twitter.com/i/web/status/1… 2021-12-08 23:43:51
Twitter Icon @management_sun IT Risk: SUSE.Multiple vulnerabilities in the Linux Kernel -3/4 CVE-2021-20322 CVE-2021-3772 CVE-2021-3764 CVE-2021… twitter.com/i/web/status/1… 2021-12-08 23:46:38
Twitter Icon @management_sun IT Risk: SUSE.Linux RT Kernelに複数の脆弱性 -2/2 CVE-2021-20322 CVE-2021-0941 CVE-2020-27820 2021-12-10 00:31:29
Twitter Icon @beyondDNS CVE-2021-20322 (saddns 2021) の 理解は進んだか。 twitter.com/beyondDNS/stat… 2022-01-12 03:06:23
Twitter Icon @softek_jp Linux Kernel の ICMP の処理に UDP の送信ポートを推測される問題 (CVE-2021-20322) [41218] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 2022-02-04 05:04:54
Twitter Icon @management_sun IT Risk: Ubuntu.Multiple vulnerabilities in Linux kernel -3/3 CVE-2021-20322 CVE-2021-3640 CVE-2021-42739 2022-02-04 08:39:11
Reddit Logo Icon /r/synology DSM Version: 7.1.1-42951 (Release Candidate) 2022-08-10 06:07:14
Reddit Logo Icon /r/synology Has anyone seen the release notes for the latest DSM 7.1.1 Release Candidate. Fixes a scary amount of CVEs. 2022-08-16 14:26:29
Reddit Logo Icon /r/synology DSM 7.1.1-42962 released! 2022-09-05 11:39:36
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report